US7434065B2 - Secure verification using a set-top-box chip - Google Patents


Publication number
US7434065B2
Authority
US
United States
Prior art keywords
sequence
box
shift register
circuitry
hashed
Prior art date
Legal status
Expired - Fee Related, expires
Application number
US10/702,326
Other versions
US20050071639A1 (en)
Inventor
Steve Rodgers
Sherman (Xuemin) Chen
Current Assignee
Avago Technologies International Sales Pte Ltd
Original Assignee
Broadcom Corp
Priority date
Filing date
Publication date
Application filed by Broadcom Corp
Priority to US10/702,326
Assigned to BROADCOM CORPORATION. Assignment of assignors interest (see document for details). Assignors: CHEN, SHERMAN (XUEMIN), RODGERS, STEVE
Priority to EP04011549A (EP1487211A3)
Publication of US20050071639A1
Priority to US12/245,873 (US7797551B2)
Publication of US7434065B2
Application granted
Assigned to BANK OF AMERICA, N.A., AS COLLATERAL AGENT. Patent security agreement. Assignors: BROADCOM CORPORATION
Assigned to AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD. Assignment of assignors interest (see document for details). Assignors: BROADCOM CORPORATION
Assigned to BROADCOM CORPORATION. Termination and release of security interest in patents. Assignors: BANK OF AMERICA, N.A., AS COLLATERAL AGENT
Expired - Fee Related
Adjusted expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41 Structure of client; Structure of client peripherals
    • H04N21/426 Internal components of the client; Characteristics thereof
    • H04N21/42607 Internal components of the client; Characteristics thereof for processing the incoming bitstream
    • H04N21/42623 Internal components of the client; Characteristics thereof for processing the incoming bitstream involving specific decryption arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25 Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/258 Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
    • H04N21/25808 Management of client data
    • H04N21/25816 Management of client data involving client authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43 Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/442 Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed, the storage space available from the internal hard disk
    • H04N21/4424 Monitoring of the internal components or processes of the client device, e.g. CPU or memory load, processing speed, timer, counter or percentage of the hard disk space used
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/16 Analogue secrecy systems; Analogue subscription systems
    • H04N7/162 Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
    • H04N7/165 Centralised control of user terminal; Registering at central
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/16 Analogue secrecy systems; Analogue subscription systems
    • H04N7/173 Analogue secrecy systems; Analogue subscription systems with two-way working, e.g. subscriber sending a programme selection signal
    • H04N7/17309 Transmission or handling of upstream communications
    • H04N7/17318 Direct or substantially direct transmission and handling of requests

Definitions

  • STBC set-top-box chip
  • OTP memory may be used to store keys for decrypting one or more encrypted sequences received by the set-top-box. The use of these OTP memories allows the storage of keys that are unique to a set-top-box.
  • each set-top-box is associated with unique keys that are burned into an OTP memory, access to a single OTP memory of a set-top-box chip will not compromise other set-top-boxes within a network.
  • an unauthorized entity may overcome the security provided by using such one time programming memories. If an unauthorized entity obtains a large number of new un-programmed OTP memory chips, he only needs to obtain a single authorized OTP key to be able to program all OTP memory chips. Once obtained, the unauthorized entity may program all OTP memories using the authorized key, allowing him to sell the set-top boxes and earn a sizeable profit. The unauthorized entity may continue to sell such unauthorized set-top-boxes, thereby undercutting the sales revenue of the authorized content provider. Since the set-top-boxes are all programmed with the authorized key, they will all respond in the same fashion as the set-top-box containing the original authorized key.
  • an original database of OTP keys may be compromised. Should an unauthorized entity hack or decipher the OTP keys in one or more STBCs, he may be able to recover original content from a content provider by deducing additional information about the encryption mechanism used by the STBC. This may be accomplished by legitimately subscribing service for one set-top-box while leaving the other unauthorized boxes unsubscribed. Since the OTP keys of all set-top-boxes are known, the unauthorized entity may implement circuitry within the unauthorized set-top-boxes to allow the decryption of one or more encrypted keys by way of knowledge obtained from operation of the authorized set-top-box. Of course, the encryption methodology may be implemented by reversing the steps used in the decryption process. As a result, the unauthorized set-top-boxes may be able to illegitimately obtain content provided by the cable television carrier, satellite operator, or content provider.
  • a content provider may implement a methodology in which a verification sequence must be sent from the content provider before a set-top-box is initialized allowing the content to be correctly displayed to an end-user.
  • the content provider may update a database at its head-end, for example, related to the set-top-boxes that have been initialized and enabled for use.
  • the use of one or more additional STBCs programmed with an identical OTP key may not be productive for a hacker since the content provider will only enable the first set-top-box using a particular OTP key.
  • an unauthorized entity legitimately subscribes to a set-top-box, he may monitor a verification sequence transmitted to his set-top-box when the set-top-box is first enabled.
  • the unauthorized entity may use the sequence to enable his own illegitimate set-top-boxes (using the same OTP key) by using the same sequence at another time.
  • the unauthorized entity may also use the sequence to deduce additional information about the original unencrypted sequence by decrypting the sequence using the known OTP key.
  • it may be possible to authorize illegitimate set-top-boxes by issuing verification sequences to these illegitimate set-top-boxes without being activated by the head-end.
  • the unauthorized entity acts as a head-end in this instance.
  • an unauthorized entity does not monitor a verification sequence transmitted by a content provider. Instead he fabricates cloned set-top-boxes prior to the first set-top-box being enabled. The unauthorized entity schedules an initialization of all unauthorized set-top-boxes by powering up and receiving the initial verification sequence transmitted by the content provider. Hence, all unauthorized set-top-boxes may be enabled simultaneously.
  • aspects of the present invention may be found in a system and method to verify the authenticity of a set-top-box chip (STBC) or set-top-box integrated circuit used in a set-top-box (STB).
  • the method of verifying the authenticity of a set-top-box chip involves receiving a verification sequence from a head-end verification device, generating an encryption key, decrypting the verification sequence using the encryption key to generate a first hashed data sequence, generating a second hashed data sequence, and determining if the first hashed data sequence is equal to the second hashed data sequence.
  • the second hashed data sequence is a hash function of one or more parameters stored in the set-top-box chip. The parameters include a constant and an output from a linear feedback shift register.
  • the method incorporates transmitting a re-synchronization request to the head-end verification device in order to reactivate the set-top-box chip.
  • the method includes initializing a linear feedback shift register using an initialization seed that is unique to each set-top-box chip.
  • the system for allowing a cable TV head-end to verify the authenticity of a set-top-box chip incorporates a decryption circuitry for generating a first hashed sequence from a verification sequence transmitted by the cable TV head-end, a hash function circuitry for implementing a hashing function for generating a second hashed sequence, an encryption key generating function circuitry, a linear feedback shift register, a one time programmable memory for storing one or more keys, a non-volatile memory for storing an output of the linear feedback shift register, a timer value, and an enable status indicator.
  • a return channel circuitry for transmitting a re-synchronization request and a compare circuitry for comparing the first hashed sequence with the second hashed sequence is used.
  • FIG. 1 is a block diagram of a set-top-box (STB) verification system utilizing a set-top-box chip (STBC) in accordance with an embodiment of the present invention.
  • STB set-top-box
  • FIG. 2 is a detailed block diagram of a set-top-box chip (STBC) in accordance with an embodiment of the invention.
  • FIG. 3 is a relational block diagram illustrating successive linear feedback shift register (LFSR) states used in re-synchronizing a set-top-box chip to a head-end verification device in accordance with an embodiment of the invention.
  • LFSR linear feedback shift register
  • aspects of the present invention may be found in a system and method to verify the authenticity of a set-top-box chip (STBC) or integrated circuit used in a set-top-box (STB).
  • the one or more methods and systems used may prevent unauthorized replication and operation of set-top-boxes by one or more unauthorized entities.
  • the set-top-boxes incorporate a set-top-box-chip used to decode or decrypt media content provided by a cable television carrier, satellite operator or content provider.
  • the cable TV carrier validates a STBC in a STB by way of a verification sequence that requires a successful verification by the STBC.
  • FIG. 1 is a block diagram of a set-top-box (STB) verification system 100 utilizing a set-top-box chip (STBC) 108 in accordance with an embodiment of the present invention.
  • the STB verification system comprises a head-end verification device (HVD) 104 communicatively coupled to one or more set-top-boxes (STBs).
  • HVD head-end verification device
  • STBs set-top-boxes
  • the STB verification system 100 displays a HVD 104 communicating with a single STBC 108 .
  • the STBC 108 resides as hardware within a typical set-top-box (STB).
  • the HVD may comprise a combination of hardware and/or software used to generate a verification sequence, V, that is transmitted to the STBC 108 .
  • the HVD 104 may comprise a computing device such as a desktop computer capable of storing software.
  • the HVD 104 may comprise a processor, a main processor memory, and a storage device such as a hard disk drive.
  • the software may comprise one or more databases and software applications used during the verification of a STBC 108 .
  • the HVD 104 resides within a head-end or control center of a cable television carrier.
  • the HVD 104 generates a verification sequence, V, through a number of steps.
  • an encryption key is used in combination with a hashed output to generate the verification sequence, V.
  • the encryption key is generated by an encryption engine 112 of the HVD 104 .
  • the encryption engine 112 may comprise an encryption circuitry or software employing a 3DES or AES encryption function.
  • the encryption engine 112 receives as inputs an encryption key and a first hashed data sequence.
  • the encryption key is a function of a word, which may be described herein as a verifier word (VER), a key, which may be described herein as a one time programmable key (OTPK), and an output, LF, from a linear feedback shift register (LFSR) 116 .
  • the output, LF, from the LFSR 116 is incremented such that the verification sequence, V, changes after each successful verification. As a consequence, the same verification sequence, V, is not continuously used to re-enable the same STB.
  • the VER and OTPK parameters may be stored within one or more-secured databases within one or more storage devices in the cable TV head-end.
  • the VER and OTPK parameters may comprise unique values corresponding to each authorized STBC manufactured by a STBC manufacturer.
  • the encryption key is implemented by a key generation unit 118 employing a key generation function, f(*).
  • the key generation unit 118 may comprise hardware and/or software.
  • the key generation unit may be implemented by way of execution of software instructions or an application residing in the HVD 104 .
  • the first hashed data sequence is a function of a hashing function.
  • the hashing function is implemented by a hash function unit 120 pictured in FIG. 1 .
  • the hash function unit 120 receives inputs provided by the LFSR 116 and a constant, alternatively described herein as a hidden constant (HC).
  • the hash function unit 120 may comprise hardware and/or software and may be implemented by way of execution of software instructions residing within the HVD 104 .
  • the verification sequence may be expressed as a function of the following variables or parameters:
  • V = E{f(VER,OTPK,LF), f(HC,LF)}
  • VER is the verifier word
  • OTPK is the one time programmable key
  • LF is the LFSR output
  • HC is the hidden constant. That is, the verification sequence sent to the STB is a function of two functions.
  • the encryption key, f(VER,OTPK,LF) is a function of VER, OTPK, and LF
  • the unencrypted data, f(HC,LF) is a function of HC and LF.
  • the verifier word, VER comprises at least 64 bits.
  • a hash function is used to scramble an LFSR output.
  • the hash function may be a SHA-1 or any other type of function which can securely obscure the original contents.
  • the decryption circuitry 124 may comprise a circuitry implementing the 3DES or AES encryption technique allowing the verification sequence, V, to be correctly decrypted at the STBC 108 .
  • the decryption circuitry 124 receives an input provided by a key generation circuitry 128 employing the same function, f(*), previously described in reference to the HVD 104 .
  • the encryption key is a function of the verifier word (VER), the one time programmable key (OTPK), and the output, LF, from a linear feedback shift register (LFSR) 132 .
  • the decryption circuitry 124 recovers the first hashed data sequence previously generated at the HVD 104 .
  • a hash function circuitry 136 generates a second hashed data sequence.
  • the hash function circuitry 136 uses as inputs the output from the LFSR 132 and a constant or hidden constant (HC).
  • the hidden constant (HC) is generated utilizing one or more programmable parameters stored within the STBC.
  • the same programmable parameters are implemented at the HVD 104 in order to generate the same hidden constant during the encryption process.
  • the HCs for a number of STBCs may be stored within the head-end's HVD 104 for use by the encryption engine 112 .
  • the hidden constant is determined by the STBC manufacturer, while the cable TV carrier, satellite operator, or content provider determines the OTPK, VER, and the LF values.
  • the hidden constant may be modified using programmable parameters in a manner known only to the STBC manufacturer.
  • the STBC manufacturer may implement the programmable parameters by way of hardware and/or software located in the STBC and the HVD 104 .
  • the programmable parameters may vary based on one or more initial values provided by the STBC manufacturer.
  • OTPK, VER, or LF databases within the HVD 104 is compromised by a hacker or unauthorized person, it will be possible to maintain security by modifying the hidden constant by using an implementation and/or database of initial values known only by the STBC manufacturer.
  • the compare circuitry 140 compares the recovered first hashed data sequence to the second hashed data sequence. If the first hashed data sequence is equal to the second hashed data sequence, the compare circuitry 140 outputs a status indicator signal.
  • the status indicator signal may generate a human readable message that is displayed on an exemplary LED located within the set-top-box (STB). For example, the status indicator signal may generate the words “OK” if the first hashed data sequence is equal to the second hashed data sequence; otherwise, the status indicator signal may generate the word “FAIL”.
  • FIG. 2 is a detailed block diagram of a set-top-box chip (STBC) 200 in accordance with an embodiment of the invention.
  • the STBC 200 comprises a decryption circuitry 204 , a compare circuitry 208 , a hash function circuitry 212 , an encryption key generation circuitry 216 , a linear feedback shift register (LFSR) 220 , a timer reset circuitry 224 , a modify enable status circuitry 226 , a back channel return circuitry 228 , a one time programmable memory (OTP Memory) 232 , and a non-volatile random access memory (NVRAM) 236 .
  • the decryption circuitry 204 receives a verification sequence, V, transmitted by a head-end.
  • the verification sequence, V is generated by a head-end verification device (HVD) as described in relation to FIG. 1 .
  • the decryption circuitry 204 uses an encryption key provided by the key generation circuitry 216 in order to decrypt the verification sequence, V.
  • the decryption circuitry 204 outputs a recovered first hashed data sequence that was previously encrypted by the encryption engine of the HVD.
  • the recovered first hashed data sequence is input into the compare circuitry 208 .
  • the hash function circuitry 212 generates a second hashed data sequence that is provided as an input to the compare circuitry 208 .
  • the hash function output is a function of a constant (termed a hidden constant (HC) since it is modified only by a set-top-box chip manufacturer) and the output of the LFSR 220 .
  • the compare circuitry 208 compares the first hashed data sequence to the second hashed data sequence. If the first hashed data sequence is equal to the second hashed data sequence, the compare circuitry 208 generates a control signal to the timer reset circuitry 224 . As a result, the timer reset circuitry 224 may reset a timer value stored within the non-volatile random access memory 236 . The timer value corresponds to the amount of time remaining before the STBC disables itself. The timer value may be set to any value desired by a cable TV carrier.
  • the compare circuitry may output a control signal that inhibits resetting of the timer value stored in the NVRAM 236 .
  • the head-end verification device may determine that the STBC receiving and reading the verification sequences is unauthorized for use, when one or more verification sequences do not permit resetting of the timer value in the NVRAM 236 .
  • the back channel return circuitry 228 may be used by the head-end verification device as a mechanism to communicate with the STBC and subsequently disable the STBC. As shown in FIG.
  • OTP key (OTPK), verifier word (VER), and OTP ID word (OTPID) is stored in the OTP memory 232 of the set-top-box chip.
  • OTPK, VER, and OTPID may be burned into the OTP memory 232 during the set-top-box manufacturing process by the set-top-box chip manufacturer.
  • When a verification sequence is sent by the head-end, the head-end verification device (HVD) automatically increments its LFSR.
  • When the verification sequence is received by the appropriate STBC 200 , the STBC 200 generates a control signal to increment the LFSR 220 to its next state if verification is successful (i.e., the resulting first hashed data sequence equals the second hashed sequence).
  • the next verification sequence transmitted by the HVD to the STBC 200 will be different.
  • periodic changing of the verification sequence poses a significant deterrent to a hacker. Of course, a hacker may find it more difficult to crack and decipher verification sequences that are continuously changing.
  • the control signal generated by the compare circuitry 208 is input to the modify enable status circuitry 226 .
  • the modify enable status circuitry 226 modifies an enable status register or location within the NVRAM 236 to indicate that the STBC 200 is enabled.
  • the one or more values (i.e., LFSR state (or LF), timer value, and enable status) stored within the NVRAM 236 will not be lost in the event of power loss to the STBC 200 . Because the memory is non-volatile, these values will remain when power is restored to the STB. This incident may occur, for example, when the STB is inadvertently unplugged or if there is a power failure.
  • the STBC 200 is able to monitor all verification sequences that are sent by the HVD in order to synchronize itself with respect to the current LFSR 220 state. If the STBC 200 is unable to monitor an incoming verification sequence, then it will not be able to transition to its next state and the LFSR 220 states between the HVD and the STBC 200 will differ. Unless this is resolved, the STBC 200 will not be able to reset its timer; as a consequence, the STBC 200 will be disabled in due course. As a result, the STBC will disable itself without any intervention from the head-end.
  • the STBC 200 is operational, this should not be an issue.
  • the verification sequence may be sent while the box is unplugged, or when the STBC 200 suffers a power outage, there needs to be a method for re-synchronizing the HVD with the STBC's LFSR 220 . This is accomplished, for example, by the back channel return circuitry 228 .
  • the back channel return circuitry 228 may be automatically triggered whenever a verification sequence is not successfully decrypted by the STBC.
  • the STBC 200 loads the previous value of its LFSR 220 state (so as not to expose its current value) from its NVRAM 236 , passes it through the hash function circuitry 212 , encrypts it using the verifier word (VER), then sends it to the HVD, which receives it, and re-synchronizes its LFSR state to the value that matches the STBC.
  • VER verifier word
  • the back channel re-synchronizing capability may present itself as a vulnerability to a hacker, since it may allow a hacker to re-synchronize an LFSR state for a particular box.
  • a hacker that has cloned multiple boxes using the same OTPK and the same LFSR initialization state.
  • the LFSR state of the HVD for that particular OTPK will cause all other cloned boxes to fail when the new verification sequence is sent.
  • all cloned boxes (minus the one STBC that initially lost power) will request re-synchronization.
  • the head-end may determine that one or more STBs have been compromised, one or more commands and/or messages may be generated indicating that the one or more cloned STBs are unauthorized.
  • a STBC is designed without a back channel return circuitry 228 .
  • the technique used may be modified to minimize the occurrence of an authorized box getting out of sync with the head-end verification device.
  • the method employs transmitting a verification sequence multiple times until the STBC resets its timer.
  • the transmitted verification sequence may have a type of encoded identification code such that the STB only increments the LFSR once for a given identification code, and also only resets its timer once for a given identification code. If identical verification sequences containing the same identification code are received, no further action would be taken until the identification code is changed.
  • a “windowing” capability is deployed for the LFSR in the STBC.
  • the STBC has the capability of incrementing its LFSR state by one or more states before trying to decode the verification sequence again.
  • the LFSR may continue to decode the verification sequence over some small number of incremental states.
  • the incremental states may comprise a “window” that may be set equal to a relatively small number such as the value 3. Setting the “window” to size of value 3 is analogous to allowing the STBC to miss three verification sequences.
  • FIG. 3 is a relational block diagram illustrating successive LFSR states used in re-synchronizing a set-top-box chip to a head-end verification device in accordance with an embodiment of the invention.
  • the current state 300 is indicated as state S(j).
  • the next state S(j+1) 308 is indicated by the “window” 304 shown.
  • the “window” 304 comprises the next 3 possible states.
  • the STBC may successively attempt to re-synchronize to the HVD using any one of the next three LFSR states.
  • the user may phone a customer service center of the cable TV carrier to request a re-synchronization of their STBC.
  • the customer service center may provide a user a verification sequence to re-synchronize their STBC.
  • Periodic verification also ensures that even if a hacker manages to successfully bypass the verification sequence one time, his chip will only be enabled for a limited period of time before becoming disabled again. Based on the information it receives from an STBC, a head-end may be able to manually disable a STB that it knows has been compromised. Even if the HVD does not have this information, the STBC will be disabled since it is not configured to receive a verification sequence properly.
  • a unique initial LFSR seed value may be programmed into its NVRAM, so that every STBC will start its LFSR from a different state. Thus, even if the LFSR configuration is deciphered by an unauthorized entity, it will not be possible to determine the LFSR state, since the initial LFSR seed value is not known. Because each STBC is initialized with a unique LFSR seed, a hacker cannot enable multiple STBs using the same verification sequence transmitted by a head-end. Note that the NVRAM contains sensitive data and the STBC should be configured such that access to the NVRAM is obviated. For example, one should ensure that the NVRAM contents cannot be accessed by a processor (CPU) or any other process, such as a built-in-self-test (BIST) or scan test.
  • CPU processor
  • BIST built-in-self-test
  • the one time programmable key uniquely corresponds to an identifier word termed a one time programmable identification word (OTPID word) while the verifier word (VER) uniquely corresponds with the OTPID word.
  • OTPID word identifier word
  • these unique correspondences or mappings are stored as two independent and separate databases.
  • Furthermore, the LFSR seed or initialization value uniquely corresponds to the identifier word; as a result, it is contemplated that the LFSR seeds that are mapped to OTPID words are separately stored as their own database. Because these three mappings may be stored individually as separate databases, it is possible for them to be stored as data files in separate computing devices.
  • the computing devices may be located separately, and a cable TV carrier may employ one or more security measures to allow only authorized personnel access to these computing devices and/or databases.
  • a hacked database such as a hacked OTPK database
  • knowledge of all three databases is required to successfully verify the chip.
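
The verification round described above (V = E{f(VER,OTPK,LF), f(HC,LF)}, the LFSR advance on success, and the three-state "window"), modelled as an added example that is not part of the patent text. The SHA-256 key derivation and hash, the XOR keystream standing in for 3DES/AES, the LFSR tap mask, and every key and seed value are assumptions constructed for illustration.

```python
import hashlib
import hmac

TAPS = 0x80200003   # assumed 32-bit Galois LFSR tap mask; the patent gives no polynomial
WINDOW = 3          # the patent's example window: up to three missed sequences


def lfsr_next(state):
    """Advance the 32-bit LFSR by one state."""
    lsb = state & 1
    state >>= 1
    return state ^ TAPS if lsb else state


def keygen(ver, otpk, lf):
    """f(VER, OTPK, LF): assumed here to be SHA-256 over the concatenation."""
    return hashlib.sha256(b"key" + ver + otpk + lf.to_bytes(4, "big")).digest()


def hidden_hash(hc, lf):
    """f(HC, LF): the text suggests SHA-1 or similar; SHA-256 is used here."""
    return hashlib.sha256(b"hash" + hc + lf.to_bytes(4, "big")).digest()


def cipher(key, data):
    """Stand-in for E{} and its inverse: XOR with a key-derived stream.
    Assumption for a stdlib-only model; the text names 3DES or AES."""
    stream = hashlib.sha256(b"stream" + key).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


class HeadEnd:
    """Head-end verification device (HVD) state for one chip."""

    def __init__(self, ver, otpk, hc, seed):
        self.ver, self.otpk, self.hc, self.lf = ver, otpk, hc, seed

    def send(self):
        v = cipher(keygen(self.ver, self.otpk, self.lf),
                   hidden_hash(self.hc, self.lf))
        self.lf = lfsr_next(self.lf)   # HVD increments its LFSR on every send
        return v


class Stbc:
    """Set-top-box chip: OTP values plus the LFSR state kept in NVRAM."""

    def __init__(self, ver, otpk, hc, seed):
        self.ver, self.otpk, self.hc, self.lf = ver, otpk, hc, seed

    def receive(self, v):
        candidate = self.lf
        # Try the current state, then up to WINDOW later states.
        for _ in range(WINDOW + 1):
            first = cipher(keygen(self.ver, self.otpk, candidate), v)
            second = hidden_hash(self.hc, candidate)
            if hmac.compare_digest(first, second):   # compare circuitry
                self.lf = lfsr_next(candidate)       # advance only on success
                return "OK"                          # timer would be reset here
            candidate = lfsr_next(candidate)
        return "FAIL"                                # timer keeps running down


def demo():
    # Constructed sample values, not taken from the patent.
    ver, otpk, hc = b"VER-constructed!", b"OTPK-constructed", b"HC-constructed"
    head = HeadEnd(ver, otpk, hc, seed=0xACE1ACE1)
    box = Stbc(ver, otpk, hc, seed=0xACE1ACE1)
    other = Stbc(ver, otpk, hc, seed=0x1234ABCD)   # same keys, different LFSR seed
    results = {}
    v0 = head.send()
    results["other_seed"] = other.receive(v0)   # unique seed blocks shared sequence
    results["first"] = box.receive(v0)
    results["replay"] = box.receive(v0)         # captured sequence sent again
    for _ in range(3):
        head.send()                             # three sequences the box never sees
    results["missed_3"] = box.receive(head.send())
    for _ in range(4):
        head.send()                             # four missed: outside the window
    results["missed_4"] = box.receive(head.send())
    return results


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:11s} {status}")
```

A "FAIL" on the last case is the point at which the re-synchronization paths described above (back channel request or a call to customer service) would be needed.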

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Graphics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
  • Storage Device Security (AREA)

Abstract

One or more methods and systems of authenticating or verifying a set-top-box chip in a set-top-box are presented. In one embodiment, a set-top-box incorporates a set-top-box chip used to decode or decrypt media content provided by a cable television operator or carrier. The set-top-box chip incorporates a decryption circuitry, a compare circuitry, a hash function circuitry, a key generation circuitry, a back channel return circuitry, a linear feedback shift register, a timer reset circuitry, a modify enable status circuitry, a one time programmable memory, and a non-volatile memory. The cable TV carrier validates a set-top-box chip used in a set-top-box by way of a verification sequence that requires a successful verification by the set-top-box chip.

Description

RELATED APPLICATION/INCORPORATION BY REFERENCE
This application makes reference to and claims priority from U.S. Provisional Patent Application Ser. No. 60/506,894, entitled “SECURE VERIFICATION USING A SET-TOP-BOX CHIP”, filed on Sep. 29, 2003, the complete subject matter of which is incorporated herein by reference in its entirety.
FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT
[Not Applicable]
MICROFICHE/COPYRIGHT REFERENCE
[Not Applicable]
BACKGROUND OF THE INVENTION
Cable television carriers, satellite operators, or content providers have distributed media or content material to paid subscribers using set-top-boxes. The ultimate goal of security features on a set-top-box chip (“STBC”) of a set-top-box, is to prevent an unauthorized entity from receiving or distributing material originating from a content provider. Modern STBCs have employed many security features which are intended to prevent such an occurrence, most of which are based on an on-chip one time programmable memory (OTP memory). The OTP memory may be used to store keys for decrypting one or more encrypted sequences received by the set-top-box. The use of these OTP memories allows the storage of keys that are unique to a set-top-box. These keys are used for decrypting or decoding encrypted data sequences received from a cable TV operator. Because each set-top-box is associated with unique keys that are burned into an OTP memory, access to a single OTP memory of a set-top-box chip will not compromise other set-top-boxes within a network.
However, an unauthorized entity may overcome the security provided by using such one time programming memories. If an unauthorized entity obtains a large number of new un-programmed OTP memory chips, he only needs to obtain a single authorized OTP key to be able to program all OTP memory chips. Once obtained, the unauthorized entity may program all OTP memories using the authorized key, allowing him to sell the set-top boxes and earn a sizeable profit. The unauthorized entity may continue to sell such unauthorized set-top-boxes, thereby undercutting the sales revenue of the authorized content provider. Since the set-top-boxes are all programmed with the authorized key, they will all respond in the same fashion as the set-top-box containing the original authorized key.
In another instance, an original database of OTP keys may be compromised. Should an unauthorized entity hack or decipher the OTP keys in one or more STBCs, he may be able to recover original content from a content provider by deducing additional information about the encryption mechanism used by the STBC. This may be accomplished by legitimately subscribing service for one set-top-box while leaving the other unauthorized boxes unsubscribed. Since the OTP keys of all set-top-boxes are known, the unauthorized entity may implement circuitry within the unauthorized set-top-boxes to allow the decryption of one or more encrypted keys by way of knowledge obtained from operation of the authorized set-top-box. Of course, the encryption methodology may be implemented by reversing the steps used in the decryption process. As a result, the unauthorized set-top-boxes may be able to illegitimately obtain content provided by the cable television carrier, satellite operator, or content provider.
A content provider may implement a methodology in which a verification sequence must be sent from the content provider before a set-top-box is initialized allowing the content to be correctly displayed to an end-user. The content provider may update a database at its head-end, for example, related to the set-top-boxes that have been initialized and enabled for use. As a result, the use of one or more additional STBCs programmed with an identical OTP key may not be productive for a hacker since the content provider will only enable the first set-top-box using a particular OTP key. However, if an unauthorized entity legitimately subscribes to a set-top-box, he may monitor a verification sequence transmitted to his set-top-box when the set-top-box is first enabled. After obtaining the verification sequence, the unauthorized entity may use the sequence to enable his own illegitimate set-top-boxes (using the same OTP key) by using the same sequence at another time. The unauthorized entity may also use the sequence to deduce additional information about the original unencrypted sequence by decrypting the sequence using the known OTP key. As a consequence, it may be possible to authorize illegitimate set-top-boxes by issuing verification sequences to these illegitimate set-top-boxes without being activated by the head-end. The unauthorized entity acts as a head-end in this instance.
In another instance, an unauthorized entity does not monitor a verification sequence transmitted by a content provider. Instead he fabricates cloned set-top-boxes prior to the first set-top-box being enabled. The unauthorized entity schedules an initialization of all unauthorized set-top-boxes by powering up and receiving the initial verification sequence transmitted by the content provider. Hence, all unauthorized set-top-boxes may be enabled simultaneously.
Further limitations and disadvantages of conventional and traditional approaches will become apparent to one of skill in the art, through comparison of such systems with some aspects of the present invention as set forth in the remainder of the present application with reference to the drawings.
BRIEF SUMMARY OF THE INVENTION
Aspects of the present invention may be found in a system and method to verify the authenticity of a set-top-box chip (STBC) or set-top-box integrated circuit used in a set-top-box (STB).
In one embodiment, the method of verifying the authenticity of a set-top-box chip involves receiving a verification sequence from a head-end verification device, generating an encryption key, decrypting the verification sequence using the encryption key to generate a first hashed data sequence, generating a second hashed data sequence, and determining if the first hashed data sequence is equal to the second hashed data sequence. In one embodiment, the second hashed data sequence is a hash function of one or more parameters stored in the set-top-box chip. The parameters include a constant and an output from a linear feedback shift register. In one embodiment, the method incorporates transmitting a re-synchronization request to the head-end verification device in order to reactivate the set-top-box chip. In another embodiment, the method includes initializing a linear feedback shift register using an initialization seed that is unique to each set-top-box chip.
In one embodiment, the system for allowing a cable TV head-end to verify the authenticity of a set-top-box chip incorporates a decryption circuitry for generating a first hashed sequence from a verification sequence transmitted by the cable TV head-end, a hash function circuitry for implementing a hashing function for generating a second hashed sequence, an encryption key generating function circuitry, a linear feedback shift register, a one time programmable memory for storing one or more keys, a non-volatile memory for storing an output of the linear feedback shift register, a timer value, and an enable status indicator. In addition, a return channel circuitry for transmitting a re-synchronization request and a compare circuitry for comparing the first hashed sequence with the second hashed sequence is used.
These and other advantages, aspects, and novel features of the present invention, as well as details of illustrated embodiments, thereof, will be more fully understood from the following description and drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a block diagram of a set-top-box (STB) verification system utilizing a set-top-box chip (STBC) in accordance with an embodiment of the present invention.
FIG. 2 is a detailed block diagram of a set-top-box chip (STBC) in accordance with an embodiment of the invention.
FIG. 3 is a relational block diagram illustrating successive linear feedback shift register (LFSR) states used in re-synchronizing a set-top-box chip to a head-end verification device in accordance with an embodiment of the invention.
DETAILED DESCRIPTION OF THE INVENTION
Aspects of the present invention may be found in a system and method to verify the authenticity of a set-top-box chip (STBC) or integrated circuit used in a set-top-box (STB). The one or more methods and systems used may prevent unauthorized replication and operation of set-top-boxes by one or more unauthorized entities. The set-top-boxes incorporate a set-top-box-chip used to decode or decrypt media content provided by a cable television carrier, satellite operator or content provider. The cable TV carrier validates a STBC in a STB by way of a verification sequence that requires a successful verification by the STBC.
FIG. 1 is a block diagram of a set-top-box (STB) verification system 100 utilizing a set-top-box chip (STBC) 108 in accordance with an embodiment of the present invention. The STB verification system comprises a head-end verification device (HVD) 104 communicatively coupled to one or more set-top-boxes (STBs). For purposes of illustration, the STB verification system 100 displays a HVD 104 communicating with a single STBC 108. The STBC 108 resides as hardware within a typical set-top-box (STB). The HVD may comprise a combination of hardware and/or software used to generate a verification sequence, V, that is transmitted to the STBC 108. The HVD 104 may comprise a computing device such as a desktop computer capable of storing software. The HVD 104 may comprise a processor, a main processor memory, and a storage device such as a hard disk drive. The software may comprise one or more databases and software applications used during the verification of a STBC 108. The HVD 104 resides within a head-end or control center of a cable television carrier.
Operationally, the HVD 104 generates a verification sequence, V, through a number of steps. As illustrated in FIG. 1, an encryption key is used in combination with a hashed output to generate the verification sequence, V. The encryption key is generated by an encryption engine 112 of the HVD 104. The encryption engine 112 may comprise an encryption circuitry or software employing a 3DES or AES encryption function. The encryption engine 112 receives as inputs an encryption key and a first hashed data sequence. The encryption key is a function of a word, which may be described herein as a verifier word (VER), a key, which may be described herein as a one time programmable key (OTPK), and an output, LF, from a linear feedback shift register (LFSR) 116. The output, LF, from the LFSR 116 is incremented such that the verification sequence, V, changes after each successful verification. As a consequence, the same verification sequence, V, is not continuously used to re-enable the same STB. The VER and OTPK parameters may be stored within one or more secured databases within one or more storage devices in the cable TV head-end. It is contemplated that the VER and OTPK parameters may comprise unique values corresponding to each authorized STBC manufactured by a STBC manufacturer. As shown, the encryption key is implemented by a key generation unit 118 employing a key generation function, f(*). The key generation unit 118 may comprise hardware and/or software. The key generation unit may be implemented by way of execution of software instructions or an application residing in the HVD 104. The first hashed data sequence is a function of a hashing function. The hashing function is implemented by a hash function unit 120 pictured in FIG. 1. As illustrated, the hash function unit 120 receives inputs provided by the LFSR 116 and a constant, alternatively described herein as a hidden constant (HC).
The hash function unit 120 may comprise hardware and/or software and may be implemented by way of execution of software instructions residing within the HVD 104.
The verification sequence may be expressed as a function of the following variables or parameters:
V=E{f(VER,OTPK,LF), f(HC,LF)}
where VER is the verifier word, OTPK is the one time programmable key, LF is the LFSR output, and HC is the hidden constant. That is, the verification sequence sent to the STB is a function of two functions. The encryption key, f(VER,OTPK,LF), is a function of VER, OTPK, and LF, while the unencrypted data, f(HC,LF), is a function of HC and LF. The verifier word, VER, comprises at least 64 bits.
A hash function is used to scramble an LFSR output. The hash function may be a SHA-1 or any other type of function which can securely obscure the original contents.
Once the verification sequence, V, is received by the STBC 108, the verification sequence is decrypted by a decryption circuitry 124. The decryption circuitry 124 may comprise a circuitry implementing the 3DES or AES encryption technique allowing the verification sequence, V, to be correctly decrypted at the STBC 108. In order to decrypt the verification sequence, V, the decryption circuitry 124 receives an input provided by a key generation circuitry 128 employing the same function, f(*), previously described in reference to the HVD 104. The encryption key is a function of the verifier word (VER), the one time programmable key (OTPK), and the output, LF, from a linear feedback shift register (LFSR) 132. By incorporating the encryption key, the decryption circuitry 124 recovers the first hashed data sequence previously generated at the HVD 104. A hash function circuitry 136 generates a second hashed data sequence. The hash function circuitry 136 uses as inputs the output from the LFSR 132 and a constant or hidden constant (HC). In one embodiment, the hidden constant (HC) is generated utilizing one or more programmable parameters stored within the STBC. The same programmable parameters are implemented at the HVD 104 in order to generate the same hidden constant during the encryption process. As a consequence, the HCs for a number of STBCs may be stored within the head-end's HVD 104 for use by the encryption engine 112. In one embodiment, the hidden constant (HC) is determined by the STBC manufacturer, while the cable TV carrier, satellite operator, or content provider determines the OTPK, VER, and the LF values. The hidden constant may be modified using programmable parameters in a manner known only to the STBC manufacturer. The STBC manufacturer may implement the programmable parameters by way of hardware and/or software located in the STBC and the HVD 104.
In one embodiment, the programmable parameters may vary based on one or more initial values provided by the STBC manufacturer. Thus, if one or more OTPK, VER, or LF databases within the HVD 104 is compromised by a hacker or unauthorized person, it will be possible to maintain security by modifying the hidden constant by using an implementation and/or database of initial values known only by the STBC manufacturer.
The compare circuitry 140 compares the recovered first hashed data sequence to the second hashed data sequence. If the first hashed data sequence is equal to the second hashed data sequence, the compare circuitry 140 outputs a status indicator signal. The status indicator signal may generate a human readable message that is displayed on an exemplary LED located within the set-top-box (STB). For example, the status indicator signal may generate the words “OK” if the first hashed data sequence is equal to the second hashed data sequence; otherwise, the status indicator signal may generate the word “FAIL”.
FIG. 2 is a detailed block diagram of a set-top-box chip (STBC) 200 in accordance with an embodiment of the invention. The STBC 200 comprises a decryption circuitry 204, a compare circuitry 208, a hash function circuitry 212, an encryption key generation circuitry 216, a linear feedback shift register (LFSR) 220, a timer reset circuitry 224, a modify enable status circuitry 226, a back channel return circuitry 228, a one time programmable memory (OTP Memory) 232, and a non-volatile random access memory (NVRAM) 236. The decryption circuitry 204 receives a verification sequence, V, transmitted by a head-end. The verification sequence, V, is generated by a head-end verification device (HVD) as described in relation to FIG. 1. The decryption circuitry 204 uses an encryption key provided by the key generation circuitry 216 in order to decrypt the verification sequence, V. The decryption circuitry 204 outputs a recovered first hashed data sequence that was previously encrypted by the encryption engine of the HVD. The recovered first hashed data sequence is input into the compare circuitry 208. The hash function circuitry 212 generates a second hashed data sequence that is provided as an input to the compare circuitry 208. The hash function output is a function of a constant (termed a hidden constant (HC) since it is modified only by a set-top-box chip manufacturer) and the output of the LFSR 220. The compare circuitry 208 compares the first hashed data sequence to the second hashed data sequence. If the first hashed data sequence is equal to the second hashed data sequence, the compare circuitry 208 generates a control signal to the timer reset circuitry 224. As a result, the timer reset circuitry 224 may reset a timer value stored within the non-volatile random access memory 236. The timer value corresponds to the amount of time remaining before the STBC disables itself. The timer value may be set to any value desired by a cable TV carrier. 
The value should exceed the time between successive resets. In the event the first hashed data sequence is not equal to the second hashed data sequence, the compare circuitry may output a control signal that inhibits resetting of the timer value stored in the NVRAM 236. In another embodiment, the head-end verification device may determine that the STBC receiving and reading the verification sequences is unauthorized for use, when one or more verification sequences do not permit resetting of the timer value in the NVRAM 236. In this instance, the back channel return circuitry 228 may be used by the head-end verification device as a mechanism to communicate with the STBC and subsequently disable the STBC. As shown in FIG. 2, the OTP key (OTPK), verifier word (VER), and OTP ID word (OTPID) are stored in the OTP memory 232 of the set-top-box chip. OTPK, VER, and OTPID may be burned into the OTP memory 232 during the set-top-box manufacturing process by the set-top-box chip manufacturer.
When a verification sequence is sent by the head-end, the head-end verification device (HVD) automatically increments its LFSR. When the verification sequence is received by the appropriate STBC 200, the STBC 200 generates a control signal to increment the LFSR 220 to its next state if verification is successful (i.e., the resulting first hashed data sequence equals the second hashed sequence). As a result of this approach, the next verification sequence transmitted by the HVD to the STBC 200 will be different. In summary, periodic changing of the verification sequence poses a significant deterrent to a hacker. Of course, a hacker may find it more difficult to crack and decipher verification sequences that are continuously changing. The control signal generated by the compare circuitry 208 is input to the modify enable status circuitry 226. When a successful verification is performed, the modify enable status circuitry 226 modifies an enable status register or location within the NVRAM 236 to indicate that the STBC 200 is enabled. The one or more values (i.e., LFSR state (or LF), timer value, and enable status) stored within the NVRAM 236 will not be lost in the event of power loss to the STBC 200. Because the memory is non-volatile, these values will remain when power is restored to the STB. This incident may occur, for example, when the STB is inadvertently unplugged or if there is a power failure.
The STBC 200 is able to monitor all verification sequences that are sent by the HVD in order to synchronize itself with respect to the current LFSR 220 state. If the STBC 200 is unable to monitor an incoming verification sequence, then it will not be able to transition to its next state and the LFSR 220 states between the HVD and the STBC 200 will differ. Unless this is resolved, the STBC 200 will not be able to reset its timer; as a consequence, the STBC 200 will be disabled in due course. As a result, the STBC will disable itself without any intervention from the head-end.
Of course, if the STBC 200 is operational, this should not be an issue. However, since the verification sequence may be sent while the box is unplugged, or when the STBC 200 suffers a power outage, there needs to be a method for re-synchronizing the HVD with the STBC's LFSR 200. This is accomplished, for example, by the back channel return circuitry 228. The back channel return circuitry 228 may be automatically triggered whenever a verification sequence is not successfully decrypted by the STBC. In such an instance, the STBC 200 loads the previous value of its LFSR 220 state (so as not to expose its current value) from its NVRAM 236, passes it through the hash function circuitry 212, encrypts it using the verifier word (VER), then sends it to the HVD, which receives it, and re-synchronizes its LFSR state to the value that matches the STBC.
The back channel re-synchronizing capability may present itself as a vulnerability to a hacker, since it may allow a hacker to re-synchronize an LFSR state for a particular box. However, consider a hacker that has cloned multiple boxes using the same OTPK and the same LFSR initialization state. As soon as a single cloned box requests resynchronization as a result of being unplugged, or due to a power outage, the LFSR state of the HVD for that particular OTPK will cause all other cloned boxes to fail when the new verification sequence is sent. When this happens, all cloned boxes (minus the one STBC that initially lost power) will request re-synchronization. This will then cause the first box to fail again, resulting in an additional re-synchronization request. This results in an unstable state. After multiple requests from the same STBC, the head-end may determine that one or more STBs have been compromised, and one or more commands and/or messages may be generated indicating that the one or more cloned STBs are unauthorized.
In the case where multiple, unauthorized STBs with unauthorized OTPKs are being used, it will not be possible for the cloned box to request re-synchronization, because the head-end verification device (HVD) will only recognize requests from authorized OTPKs. Since the request for re-synchronization may involve elements of the OTPID word and OTPK, it will be very easy for the head-end to determine that the request is coming from an unauthorized source. The head-end may subsequently disable the unauthorized boxes manually, or simply allow their timers to expire.
In one embodiment, a STBC is designed without a back channel return circuitry 228. In this embodiment, the technique used may be modified to minimize the occurrence of an authorized box getting out of sync with the head-end verification device. There are two methods to accomplish this. In one embodiment, the method employs transmitting a verification sequence multiple times until the STBC resets its timer. For example, the transmitted verification sequence may have a type of encoded identification code such that the STB only increments the LFSR once for a given identification code, and also only resets its timer once for a given identification code. If identical verification sequences containing the same identification code are received, no further action would be taken until the identification code is changed. This allows the head-end to send the same verification sequence multiple times while only incrementing the LFSR state once. This technique takes into consideration the possibility of loss of power when a user powers down a device or when a power outage occurs. If the same verification sequence (with identification code) is sent over a period of several weeks, the chances that the STB will be unplugged longer than the period in which the verification sequence is sent becomes very small.
In another embodiment, a “windowing” capability is deployed for the LFSR in the STBC. In the event a verification sequence is missed, the STBC has the capability of incrementing its LFSR state by one or more states before trying to decode the verification sequence again. In this embodiment, the LFSR may continue to decode the verification sequence over some small number of incremental states. For example, the incremental states may comprise a “window” that may be set equal to a relatively small number such as the value 3. Setting the “window” to a size of 3 is analogous to allowing the STBC to miss three verification sequences. Alternatively, if a new verification sequence is sent every week, setting a three week “window” will allow recovery via re-synchronization if the STB is unplugged for 3 consecutive weeks (or unplugged one time each week at the exact instant that the verification sequence is sent, which is very unlikely).
FIG. 3 is a relational block diagram illustrating successive LFSR states used in re-synchronizing a set-top-box chip to a head-end verification device in accordance with an embodiment of the invention. The current state 300 is indicated as state S(j). The next state S(j+1) 308 is indicated by the “window” 304 shown. In this example, the “window” 304 comprises the next 3 possible states. The STBC may successively attempt to re-synchronize to the HVD using any one of the next three LFSR states.
Since the chances of getting out of sync with the head-end are minimal with either of these techniques, a back channel return circuitry may not be needed to re-synchronize. In the event that the box is unplugged longer than the periodicity of transmission of a verification sequence, the user may phone a customer service center of the cable TV carrier to request a re-synchronization of their STBC. For example, the customer service center may provide a user a verification sequence to re-synchronize their STBC.
Periodic verification also ensures that even if a hacker manages to successfully bypass the verification sequence one time, his chip will only be enabled for a limited period of time before becoming disabled again. Based on the information it receives from an STBC, a head-end may be able to manually disable a STB that it knows has been compromised. Even if the HVD does not have this information, the STBC will be disabled since it is not configured to receive a verification sequence properly.
Just before a set-top-box is shipped, a unique initial LFSR seed value may be programmed into its NVRAM, so that every STBC will start its LFSR from a different state. Thus, even if the LFSR configuration is deciphered by an unauthorized entity, it will not be possible to determine the LFSR state, since the initial LFSR seed value is not known. Because each STBC is initialized with a unique LFSR seed, a hacker cannot enable multiple STBs using the same verification sequence transmitted by a head-end. Note that the NVRAM contains sensitive data and the STBC should be configured such that access to the NVRAM is obviated. For example, one should ensure that the NVRAM contents cannot be accessed by a processor (CPU) or any other process, such as a built-in-self-test (BIST) or scan test.
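The verification exchange V=E{f(VER,OTPK,LF), f(HC,LF)}, the LFSR stepping on success, the window of 3 and the per-chip LFSR seed described above can be traced in a short simulation. This is an added example, not code from the patent or from any set-top-box vendor; the 16-bit LFSR polynomial, SHA-256 as the key generation function f(*), the hash-derived XOR keystream standing in for 3DES/AES, and all key values are assumptions constructed for illustration.

```python
import hashlib
import hmac

WINDOW = 3  # window size used in the page's FIG. 3 example


def lfsr_next(state: int) -> int:
    """Advance a 16-bit Fibonacci LFSR (taps 16,14,13,11) by one state.
    The polynomial is an assumption; the seed must be non-zero."""
    bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return (state >> 1) | (bit << 15)


def key_gen(ver: bytes, otpk: bytes, lf: int) -> bytes:
    """f(VER, OTPK, LF). The page leaves f(*) open; SHA-256 is assumed here."""
    return hashlib.sha256(ver + otpk + lf.to_bytes(2, "big")).digest()


def hashed_seq(hc: bytes, lf: int) -> bytes:
    """Hash of the hidden constant and LFSR output (SHA-1, as the page suggests)."""
    return hashlib.sha1(hc + lf.to_bytes(2, "big")).digest()


def stand_in_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for 3DES/AES: XOR with a SHA-256 keystream (its own inverse).
    Used only so the example runs on the standard library."""
    stream = hashlib.sha256(b"keystream" + key).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


class HeadEnd:
    """Head-end verification device (HVD) for one chip."""

    def __init__(self, ver, otpk, hc, seed):
        self.ver, self.otpk, self.hc, self.lf = ver, otpk, hc, seed

    def send(self) -> bytes:
        key = key_gen(self.ver, self.otpk, self.lf)
        v = stand_in_cipher(key, hashed_seq(self.hc, self.lf))
        self.lf = lfsr_next(self.lf)  # HVD increments when a sequence is sent
        return v


class Stbc:
    """Set-top-box chip: decrypt, hash, compare, then step the LFSR."""

    def __init__(self, ver, otpk, hc, seed, window=WINDOW):
        self.ver, self.otpk, self.hc, self.lf = ver, otpk, hc, seed
        self.window = window
        self.timer_resets = 0

    def receive(self, v: bytes) -> str:
        lf = self.lf
        for _ in range(self.window + 1):  # current state plus the window
            first = stand_in_cipher(key_gen(self.ver, self.otpk, lf), v)
            second = hashed_seq(self.hc, lf)
            if hmac.compare_digest(first, second):
                self.lf = lfsr_next(lf)   # increment only on success
                self.timer_resets += 1    # timer reset keeps the chip enabled
                return "OK"
            lf = lfsr_next(lf)
        return "FAIL"                     # timer is left to run down


def demo() -> dict:
    # Constructed sample values, not real keys.
    ver, otpk, hc = b"VER-64bit", b"OTPK-sample-key", b"hidden-constant"
    hvd = HeadEnd(ver, otpk, hc, seed=0xACE1)
    box = Stbc(ver, otpk, hc, seed=0xACE1)
    other = Stbc(ver, otpk, hc, seed=0x1234)  # same keys, different seed

    out = {}
    v1 = hvd.send()
    out["first"] = box.receive(v1)
    out["replay"] = box.receive(v1)           # captured sequence sent again
    out["other_seed"] = other.receive(v1)
    for _ in range(3):                        # box unplugged: misses 3
        hvd.send()
    out["after_3_missed"] = box.receive(hvd.send())
    out["in_sync"] = box.lf == hvd.lf
    for _ in range(4):                        # misses 4: outside the window
        hvd.send()
    out["after_4_missed"] = box.receive(hvd.send())
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The replayed sequence fails because the chip's LFSR has already advanced, and the box that missed four sequences stays out of sync until a re-synchronization path (back channel or customer service) is used.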
The one time programmable key (OTPK) uniquely corresponds to an identifier word termed a one time programmable identification word (OTPID word) while the verifier word (VER) uniquely corresponds with the OTPID word. It is contemplated that these unique correspondences or mappings are stored as two independent and separate databases. Furthermore, the LFSR seed or initialization value uniquely corresponds to the identifier word; as a result, it is contemplated that the LFSR seeds that are mapped to OTPID words, are separately stored as its own database. Because these three mappings may be stored individually as separate databases, it is possible for them to be stored as data files in separate computing devices. Of course, the computing devices may be located separately, and a cable TV carrier may employ one or more security measures to allow only authorized personnel access to these computing devices and/or databases. This eliminates the possibility that a hacked database, such as a hacked OTPK database, could compromise the verification process since a number of separately located databases are used in the verification process. In summary, knowledge of all three databases is required to successfully verify the chip.
While the invention has been described with reference to certain embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the scope of the invention. In addition, many modifications may be made to adapt a particular situation or material to the teachings of the invention without departing from its scope. Therefore, it is intended that the invention not be limited to the particular embodiment disclosed, but that the invention will include all embodiments falling within the scope of the appended claims.

Claims (46)

1. A set-top-box chip in a set-top-box comprising:
a first linear feedback shift register;
a first circuitry for generating a first hashed data sequence from a verification sequence transmitted by a head-end;
a second circuitry for implementing a hashing function for generating a second hashed data sequence;
a third circuitry for generating an encryption key which is a function of an output generated by said first linear feedback shift register;
a one time programmable memory for storing a key, a word, and an identifier word;
a non-volatile memory for storing said output of said first linear feedback shift register, a timer value, and an enable status indicator;
a fourth circuitry for synchronizing said first linear feedback shift register to a second linear feedback shift register in said head-end; and
a fifth circuitry for comparing said first hashed data sequence with said second hashed data sequence, said fifth circuitry generating a control signal for incrementing the state of said first linear feedback shift register enabling operation of said set-top-box chip if said first hashed data sequence is equal to said second hashed data sequence.
2. The system of claim 1 wherein said hashing function is a function of a constant and said output of said first linear feedback shift register.
3. The system of claim 1 wherein said first circuitry employs a 3DES or AES decryption function.
4. The system of claim 1 wherein said key uniquely corresponds to said identifier word.
5. The system of claim 1 wherein said word uniquely corresponds to said identifier word.
6. The system of claim 1 wherein said first linear feedback shift register is incremented to one or more successive states before said synchronizing occurs with said head-end.
7. The system of claim 1 wherein said verification sequence contains an identification code used to increment the state of said first linear feedback shift register.
8. A system for securely verifying the authenticity of a set-top-box comprising:
a first circuitry in a head-end, said first circuitry comprising:
a first linear feedback shift register generating a first output;
a second circuit for generating a first encryption key using said first output, a word comprising at least 64 bits, and a one time programmable key;
a third circuit for generating a first hashed sequence using a hidden constant value and said first output; and
a fourth circuit or software for generating a verification sequence transmitted to a set-top-box, said fourth circuit using said first hashed sequence and said first encryption key; and
a second circuitry in a set-top-box chip of said set-top-box, said second circuitry comprising:
a second linear feedback shift register generating a second output;
a fifth circuit for generating a second encryption key using said second output, said word comprising at least 64 bits, and said one time programmable key;
a sixth circuit for decrypting said verification sequence using said second encryption key to generate said first hashed sequence;
a seventh circuit for generating a second hashed sequence using said hidden constant value and said second output; and
an eighth circuit for comparing said first hashed sequence to said second hashed sequence, said eighth circuit generating a signal used to increment the state of said second linear feedback shift register if said first hashed sequence is equal to said second hashed sequence, said signal used for indicating that said first hashed sequence is equal to said second hashed sequence.
9. The system of claim 8 wherein said head-end resides at a cable television carrier.
10. The system of claim 8 wherein said one time programmable key is mapped to a one time programmable identification word, wherein said one time programmable key is stored in a first database while said one time programmable identification word is stored in a second database.
11. The system of claim 10 wherein said first database is stored in a first computing device while said second database is stored in a second computing device.
12. The system of claim 8 wherein said hidden constant value is generated using one or more programmable parameters stored in said set-top-box chip.
13. The system of claim 12 wherein said one or more programmable parameters are stored in said head-end.
14. The system of claim 13 wherein said hidden constant value may be modified by a set-top-box manufacturer using said one or more programmable parameters.
15. The system of claim 8 wherein said fourth circuit and said sixth circuit employ 3DES encryption.
16. The system of claim 8 wherein said fourth circuit and said sixth circuit employ AES encryption.
17. The system of claim 8 wherein said signal is used to control a ninth circuit of said second circuitry for resetting a timer value stored within a non-volatile random access memory located within said set-top-box.
18. The system of claim 17 wherein said set-top-box chip is disabled when said timer value reaches zero.
19. The system of claim 8 wherein said signal is used to control a tenth circuit of said second circuitry for modifying a register in a non-volatile random access memory located within said set-top-box, said register holding a value that indicates whether said set-top-box chip is enabled.
20. The system of claim 8 wherein said signal is used to control an eleventh circuit of said second circuitry for communicating between said set-top-box and said head-end.
21. The system of claim 20 wherein said eleventh circuit is automatically triggered whenever said first hashed sequence is not equal to said second hashed sequence.
22. The system of claim 20 wherein said eleventh circuit is used to synchronize said second linear feedback shift register to the same state of said first linear feedback shift register.
23. A method comprising:
receiving a verification sequence from a head-end by a set-top-box;
generating an encryption key;
decrypting said verification sequence using said encryption key to generate a first hashed data sequence;
generating a second hashed data sequence; and
determining if said first hashed data sequence is equal to said second hashed data sequence, said method verifying the authenticity of a set-top-box chip in said set-top-box,
wherein said encryption key is a function of:
a one time programmable key;
a word comprising at least 64 bits; and
a value output by a linear feedback shift register.
24. The method of claim 23 further comprising resetting a timer, said timer disabling operation of said set-top-box when a value provided by said timer decreases to zero.
25. The method of claim 24 wherein said resetting is performed when said set-top-box chip receives said verification sequence comprising a timer reset sequence.
26. The method of claim 23 further comprising enabling said set-top-box chip if said first hashed data sequence is equal to said second hashed data sequence.
27. The method of claim 23 wherein said second hashed data sequence is a hash function of one or more parameters stored in said set-top-box chip, said parameters comprising:
a constant; and
an output from said linear feedback shift register.
28. The method of claim 27 wherein said constant may be modified only by said set-top-box chip manufacturer.
29. The method of claim 27 wherein said output from said linear feedback shift register is stored in a non-volatile random access memory.
30. The method of claim 27 wherein said output of said linear feedback shift register is modified when a subsequent verification sequence is received.
31. The method of claim 27 wherein said output from said linear feedback shift register is mapped to an identifier word.
32. The method of claim 27 wherein both said head-end verification device and said set-top-box chip store the same said constant and implement the same said linear feedback shift register configuration to generate said first hashed data sequence and said second hashed data sequence, respectively.
33. The method of claim 27 wherein said linear feedback shift register is initialized using a seed.
34. The method of claim 27 further comprising transmitting a re-synchronization request to said head-end verification device in order to reactivate said set-top-box chip.
35. The method of claim 34 wherein said re-synchronization request is triggered when said received verification sequence generates a first hashed data sequence that is not equal to said second hashed data sequence.
36. The method of claim 35 wherein said re-synchronization request comprises an output of a previous state of said linear feedback shift register.
37. The method of claim 34 wherein said re-synchronization request utilizes the output of the next state of said linear feedback shift register.
38. The method of claim 34 wherein said re-synchronization request utilizes the output of the next few states of said linear feedback shift register.
39. The method of claim 38 wherein said next few states corresponds to the next two states.
40. The method of claim 39 wherein said next few states corresponds to the next three states.
41. The method of claim 23 wherein said one time programmable key is mapped to an identifier word.
42. The method of claim 23 wherein said word is mapped to an identifier word.
43. The method of claim 23 wherein said word uniquely identifies said set-top-box chip.
44. The method of claim 23 wherein said first hashed sequence and said second hashed sequence are both functions of the same hash function.
45. The method of claim 23 wherein a function used to generate said encrypted key is used to generate said verification sequence transmitted from said head-end verification device.
46. The method of claim 23 further comprising initializing said linear feedback shift register using an initialization seed that is unique to said set-top-box chip.
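The exchange recited in claims 8 and 23 to 39, sketched as an added example that is not code from the patent or from Broadcom: both sides derive a key from the one time programmable key, the 64-bit word and the LFSR output, the head-end encrypts its hashed sequence, and the chip decrypts, compares, and advances its register only on a match. Assumptions: SHA-256 for the key and hash functions, an XOR pad as a stand-in for 3DES/AES, a 16-bit LFSR, a head-end re-sync search from the seed, and all class, function and constant names.

```python
import hashlib
import hmac

def lfsr_step(state: int) -> int:
    """Advance a 16-bit Fibonacci LFSR (taps 16, 14, 13, 11); width and taps are assumed."""
    bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return (state >> 1) | (bit << 15)

def derive_key(otp_key: bytes, word: bytes, lfsr_out: int) -> bytes:
    """Key as a function of OTP key, 64-bit word and LFSR output (SHA-256 is assumed)."""
    return hashlib.sha256(otp_key + word + lfsr_out.to_bytes(2, "big")).digest()

def hashed_sequence(constant: bytes, lfsr_out: int) -> bytes:
    """Hash of the hidden constant and the LFSR output (SHA-256 is assumed)."""
    return hashlib.sha256(constant + lfsr_out.to_bytes(2, "big")).digest()

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for 3DES/AES: XOR with a key-derived pad, so encrypt == decrypt."""
    pad = hashlib.sha256(b"pad" + key).digest()
    return bytes(d ^ p for d, p in zip(data, pad))

class HeadEnd:
    def __init__(self, otp_key, word, constant, seed):
        self.otp_key, self.word, self.constant = otp_key, word, constant
        self.seed = self.state = seed

    def verification_sequence(self) -> bytes:
        key = derive_key(self.otp_key, self.word, self.state)
        return toy_cipher(key, hashed_sequence(self.constant, self.state))

    def resync(self, next_outputs) -> bool:
        """Assumed recovery: walk from the seed to the state the chip's report follows."""
        state = self.seed
        for _ in range(0xFFFF):  # full period of the 16-bit register
            first = lfsr_step(state)
            if (first, lfsr_step(first)) == tuple(next_outputs):
                self.state = state
                return True
            state = first
        return False

class SetTopBoxChip:
    def __init__(self, otp_key, word, constant, seed):
        self.otp_key, self.word, self.constant = otp_key, word, constant
        self.state, self.enabled = seed, False

    def verify(self, sequence: bytes):
        key = derive_key(self.otp_key, self.word, self.state)
        first = toy_cipher(key, sequence)                    # decrypted head-end hash
        second = hashed_sequence(self.constant, self.state)  # locally computed hash
        if hmac.compare_digest(first, second):               # constant-time compare
            self.state = lfsr_step(self.state)               # advance only on a match
            self.enabled = True
            return "OK", ()
        nxt = lfsr_step(self.state)
        return "RESYNC", (nxt, lfsr_step(nxt))               # next two states

def run_exchange(head_end: HeadEnd, chip: SetTopBoxChip) -> str:
    status, report = chip.verify(head_end.verification_sequence())
    if status == "OK":
        head_end.state = lfsr_step(head_end.state)           # keep both registers in step
    elif head_end.resync(report):
        status = "RESYNCED"
    return status

# Constructed sample values, not taken from the patent.
OTP_KEY, WORD = bytes(range(16)), bytes.fromhex("0123456789abcdef")
CONSTANT, SEED = b"hidden-constant", 0xACE1
```

A chip holding a different one time programmable key never reaches "OK": re-synchronizing the registers does not help it, because the key derivation still diverges.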
US10/702,326 2003-06-11 2003-11-06 Secure verification using a set-top-box chip Expired - Fee Related US7434065B2 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US10/702,326 US7434065B2 (en) 2003-09-29 2003-11-06 Secure verification using a set-top-box chip
EP04011549A EP1487211A3 (en) 2003-06-11 2004-05-14 Secure verification of an STB
US12/245,873 US7797551B2 (en) 2003-09-29 2008-10-06 Secure verification using a set-top-box chip

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US50689403P 2003-09-29 2003-09-29
US10/702,326 US7434065B2 (en) 2003-09-29 2003-11-06 Secure verification using a set-top-box chip

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US12/245,873 Continuation US7797551B2 (en) 2003-09-29 2008-10-06 Secure verification using a set-top-box chip

Publications (2)

Publication Number Publication Date
US20050071639A1 (en) 2005-03-31
US7434065B2 (en) 2008-10-07

Family

ID=33303352

Family Applications (2)

Application Number Title Priority Date Filing Date
US10/702,326 Expired - Fee Related US7434065B2 (en) 2003-06-11 2003-11-06 Secure verification using a set-top-box chip
US12/245,873 Expired - Fee Related US7797551B2 (en) 2003-09-29 2008-10-06 Secure verification using a set-top-box chip

Country Status (2)

Country Link
US (2) US7434065B2 (en)
EP (1) EP1487211A3 (en)

Also Published As

Publication number Publication date
EP1487211A3 (en) 2005-01-19
US20090037726A1 (en) 2009-02-05
US7797551B2 (en) 2010-09-14
EP1487211A2 (en) 2004-12-15
US20050071639A1 (en) 2005-03-31

Similar Documents

Publication Publication Date Title
US7797551B2 (en) Secure verification using a set-top-box chip
EP1768408B1 (en) Method of restricting use of decryption keys using encrypted digital signatures
JP4142295B2 (en) Method and apparatus for preventing piracy of digital content
US9461825B2 (en) Method and system for preventing revocation denial of service attacks
KR100891222B1 (en) Secure video system for display adaptor
US11943491B2 (en) Content protection
US20060122946A1 (en) Method and system for securing content in media systems
US7860252B2 (en) Circuit security
JPH08298657A (en) Method and apparatus for increase delivery of access
EP1855224B1 (en) Method and system for command authentication to achieve a secure interface
JP2003535517A (en) Certification using ciphertext tokens
JP4976135B2 (en) Limited access method and limited access apparatus
EP1519579B1 (en) Secure verification of an STB
US8621236B2 (en) Method for activating at least a function on a chipset and chipset for the implementation of the method
US9026800B2 (en) Method and system for allowing customer or third party testing of secure programmable code
US20170070763A1 (en) Apparatus for controlling copying of broadcast content and method for recording and playing back broadcast content using the same
JP2007036380A (en) Receiver, cas module and distribution method

Legal Events

Date Code Title Description
AS Assignment

Owner name: BROADCOM CORPORATION, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:RODGERS, STEVE;CHEN, SHERMAN (XUEMIN);REEL/FRAME:014380/0736

Effective date: 20031105

FPAY Fee payment

Year of fee payment: 4

AS Assignment

Owner name: BANK OF AMERICA, N.A., AS COLLATERAL AGENT, NORTH CAROLINA

Free format text: PATENT SECURITY AGREEMENT;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:037806/0001

Effective date: 20160201

REMI Maintenance fee reminder mailed
LAPS Lapse for failure to pay maintenance fees
STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20161007

AS Assignment

Owner name: AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD., SINGAPORE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:041706/0001

Effective date: 20170120

AS Assignment

Owner name: BROADCOM CORPORATION, CALIFORNIA

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENTS;ASSIGNOR:BANK OF AMERICA, N.A., AS COLLATERAL AGENT;REEL/FRAME:041712/0001

Effective date: 20170119